CVE-2012-5690

Published: Dec 19, 2012Modified: Apr 29, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allow remote attackers to execute arbitrary code via a RealAudio file that triggers access to an invalid pointer.

Affected (44)

Products: Realnetworks: Realplayer, Realplayer Sp

Realnetworks

2 products

Realplayer

Realplayer Sp

Configuration A

34 vulnerable

Vulnerable Software	Affected Versions
Realnetworks Realplayer	Up to 16.0.0
Realnetworks Realplayer	Version 10.0
Realnetworks Realplayer	Version 10.5
Realnetworks Realplayer	Version 11.0.1
Realnetworks Realplayer	Version 11.0.2.1744
Realnetworks Realplayer	Version 11.0.2.2315
Realnetworks Realplayer	Version 11.0.2
Realnetworks Realplayer	Version 11.0.3
Realnetworks Realplayer	Version 11.0.4
Realnetworks Realplayer	Version 11.0.5
Realnetworks Realplayer	Version 11.0
Realnetworks Realplayer	Version 11.1.3
Realnetworks Realplayer	Version 11.1
Realnetworks Realplayer	Version 11_build_6.0.14.748
Realnetworks Realplayer	Version 12.0.0.1444
Realnetworks Realplayer	Version 12.0.0.1548
Realnetworks Realplayer	Version 14.0.0
Realnetworks Realplayer	Version 14.0.1.609
Realnetworks Realplayer	Version 14.0.1
Realnetworks Realplayer	Version 14.0.2
Realnetworks Realplayer	Version 14.0.3
Realnetworks Realplayer	Version 14.0.4
Realnetworks Realplayer	Version 14.0.5
Realnetworks Realplayer	Version 15.0.0
Realnetworks Realplayer	Version 15.0.4.43
Realnetworks Realplayer	Version 15.0.4
Realnetworks Realplayer	Version 15.0.5.109
Realnetworks Realplayer	Version 15.0.6.14
Realnetworks Realplayer	Version 15.02.71
Realnetworks Realplayer	Version 4
Realnetworks Realplayer	Version 5
Realnetworks Realplayer	Version 6
Realnetworks Realplayer	Version 7
Realnetworks Realplayer	Version 8

Configuration B

10 vulnerable

Vulnerable Software	Affected Versions
Realnetworks Realplayer Sp	Version 1.0.0
Realnetworks Realplayer Sp	Version 1.0.1
Realnetworks Realplayer Sp	Version 1.0.2
Realnetworks Realplayer Sp	Version 1.0.5
Realnetworks Realplayer Sp	Version 1.1.1
Realnetworks Realplayer Sp	Version 1.1.2
Realnetworks Realplayer Sp	Version 1.1.3
Realnetworks Realplayer Sp	Version 1.1.4
Realnetworks Realplayer Sp	Version 1.1.5
Realnetworks Realplayer Sp	Version 1.1

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (2)

http://service.real.com/realplayer/security/12142012_player/en/

Source: cve@mitre.org

Vendor Advisory

http://service.real.com/realplayer/security/12142012_player/en/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.